Deepfakes FakeApp tool (briefly) includes cryptominer

A few weeks ago, we took a look at a forum dedicated to Deepfake clips where the site was pushing Coinhive mining scripts in the website’s HTML code.

As it turns out, there’s been another mining blow-out in the form of one of the apps used to make the fakes. That’s right—a tool designed to push CPU/GPU hard in order to create movie files also wanted you to push the GPU that much further and do a spot of mining in the background at the same time.

The developer of one of the most popular Deepfake movie makers, FakeApp (previously mentioned on Motherboard as a “user-friendly version” of the Deepfakes technology), decided to add an optional mining function into the latest release of their program. The reception to this was, to be fair, a complete disaster and it wasn’t long before said developer realised everything had gone a bit wrong and pulled the miner.

The majority of the posts online made about this range from lengthy rants to angry swearing to the occasional passing insult and a lot of “download the old version or use something else.” If you want to foster a complete sense of mistrust in your app then this is definitely the way to do it:

Click to enlarge

The Developer just announced he is removing the miner. I don’t know if that means you’ll have to wait for a new version or if it’s remotely disabled immediately.

According to the above poster, the mining free version was 100KB smaller than the previous file, so if you weighed in at 70.58MB you were fine, but if you tallied up at 70.68MB you might have wanted to abandon ship. Here’s a rather angry Reddit thread about it:

Click to enlarge

On another popular Deepfake forum, they’re specifically highlighting the two different versions:

Click to enlarge

Make sure you have the version without the cryptominer:

Download from – (may have miner):Download from – (no miner):

According to the Reddit post up above, the app only “mined when you were training” (training being the process of making the computer learn how to draw faces) so you “wouldn’t notice the extra load.” After the hostile reception to the mining, FakeApp v2.2 was taken down by the app developer after a day and re-uploaded sans miner:

Click to enlarge

The donation miner was introduced and removed in one day. The rest is totally clean as has been seen by everyone who’s used it. I’m not doing this to make money.

Regardless of the reasoning, it turns out people do not like miners on their computer—especially when they’re already entrusting a good chunk of heavy duty usage to the app developer as it is. No amount of experiments in funding will make up for this kind of damage limitation exercise:

Click to enlarge

I am not counting on anyone accidentally mining $0.004 cents for me, this is an oversight that has happened for every setting since release. I’m not playing “innocent and transparent” I am trying to help people like I have since the beginning. In fact, I am in the process of putting in code to specially turn it off permanently after people have requested [to turn off the miner].

Miners are a touchy enough subject without additional controversy over the mining function springing back to life every time you restart the program. Worse still, users felt there were also disclosure issues regarding the miner being onboard. In the below screenshot, the developer is having to point out they included a non-skippable disclaimer in the app changelog while admitting they forgot to add it to the changelog on the website:

Click to enlarge

Frankly, it’s all a bit of a mess in fake pornography movie land, and this developer is immediately reaping the whirlwind of “probably shouldn’t have gone with a miner after all.” As for what kind of mining was taking place, it was our old friend Coinhive—humorously, the exact type of mining we spotted being used on that Deepfake forum from a fortnight ago.

I didn’t do it in an attempt to secretly make a profit of users using FakeApp—mining is neither secret nor profitable. I made an effort to be as upfront about it as I could possibly be, putting notices everywhere I could put them, and on the forum the reaction seemed to be mainly positive.

Making a voluntary $10/week to help speed up development off willing donors is not a scam; this was a donation feature that many liked, many were politely uncomfortable with, and a handful seemed intent to read malicious intent into. I have been here since the beginning and anyone who knows my work knows I care about making this tool accessible not making a profit, and that’s why I’ve spent so much of my free time on it.

It is honestly surprising to me that, in the middle of news stories galore about mining being annoying, someone thought squeezing extra juice out of an already juice-squeezed PC for some digital coin generation couldn’t possibly go wrong. The Deepfakes industry has already branched out into multiple tools and programs, and there’s a fair bit of choice out there—one mistake is all it takes, and the fanbase developers have built up will quickly disappear.

One of the most well-known Deepfake programs around has (temporarily) succumbed to the lure of mining, and between this huge reputation blow to arguably the most popular DIY app out there, and the long list of supposed Deepfake sites pushing mining scripts and dubious adverts all over the place, it’s entirely possible that the fake pornography clip industry has started to show signs of a slow, relentless collapse into “We’re not really into this anymore.”

July 26, 2012 - That’s right, this week some of the Malwarebytes gang will be out in Las Vegas for the hacker convention: DefCon 20! Who is going? Marcin Kleczynski – CEO Rebecca Kline – Director of Marketing Josh Hall-Bachner – Web Developer Doug Swanson – VP of Development Adam Kujawa – Me! What are we doing there? DefCon...

July 30, 2012 - As mentioned last week, the Malwarebytes crew made it out to DefCon this year to check out all of the interesting talks and presentations given by various members of the computer/intelligence security community. This blog is meant to summarize most of what we saw, giving a brief explanation of which talks we thought were the...

August 8, 2012 - My colleague Adam Kujawa recently wrote a great post about the Malwarebytes experience at the hacker convention DefCon this year. By popular demand, here’s a round-up of my top four favorite DefCon talks from a development perspective: 1. “Stiltwalker”, by “DC949” (http://www.dc949.org/projects/stiltwalker) I am sure everyone is familiar with reCAPTCHA. You have likely wasted hours...

August 24, 2012 - BitCoin is a new-ish form of digital currency. It allows people to perform financial transactions without the need for a bank or central authority and allows for a large amount of privacy. Transactions are currently limited to ones performed online and only by individuals and organizations that accept BitCoin as payment. However, in the next...

September 18, 2012 - In war, there are always two sides: the attackers and the defenders. A less focused on group is the researchers and developers. While soldiers are fighting a war on the front lines, scientists and engineers are researching and developing new weapons, defenses and tools; things that give their side an advantage. If one of these...